Bug#401796: CVE-2006-4249: Plone vulnerability
Fabio Tranchitella
kobold at kobold.it
Thu Dec 7 06:26:34 UTC 2006
* 2006-12-06 23:08, Encolpe Degoute wrote:
> Moritz Muehlenhoff a écrit :
> > Package: zope-cmfplone
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > I don't know very much about Plone and I didn't investigate too deeply
> > as Sarge is not affected, but I suppose this needs to be fixed for Etch:
> >
> > http://plone.org/about/security/advisories/cve-2006-4249/
> >
> > | PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1)
> > | has a potential vulnerability that allows a user to
> > | masquerade as a group. Please update your sites.
> >
> > Applying the hotfix is probably preferable to upgrading to 2.5.2.
>
> +1
>
> There's no Plone 2.5.2 release before january, apply the patch is the
> solution for etch.
I'm working on this issue, and I'll upload the fix to unstable ASAP.
Cheers,
--
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564
More information about the pkg-zope-developers
mailing list